Forgot one important thing:
/etc/sysctl.conf
net.inet.icmp.icmplim=0
net.inet.tcp.msl=3000
kern.maxfilesperproc=65536
kern.maxfiles=262144
kern.ipc.maxsockets=131072
kern.ipc.somaxconn=1024
net.inet.tcp.recvspace=16384
net.inet.tcp.sendspace=16384
kern.ipc.nmbclusters=32768
net.inet.ip.forwardin
One thing I found was that the MTU of the GRE interfaces was different
than the MTU on the routers. I fixed that and am currently testing it.
Adrian Chadd wrote:
What you want to do is try and find a tcpdump capture for the broken
HTTP flows.
I'd make sure window scaling is disabled, ECN is d
We've made changes, and are still having issues - do you think using
squid3, changing our values, setting squid to run directly on port 80
(instead of ipfw redirecting 80 to 3128), or running Linux would solve
the problems (this is on FreeBSD 6.2)?
The main log messages we're getting are "http
Adrian Chadd wrote:
On Thu, Jan 17, 2008, Ryan Thoryk wrote:
We've made changes, and are still having issues - do you think using
squid3, changing our values, setting squid to run directly on port 80
(instead of ipfw redirecting 80 to 3128), or running Linux would solve
the problems (this is o
Amos Jeffries wrote:
Just a thought: is your squid built with ip-transparent or ipf-transparent
support or none?
None, since the machine's using ipfw.
Ryan Thoryk
Adrian Chadd wrote:
It might be an IOS release issue then. You may need to upgrade to some
more recent?
If you're really nice then I can load that IOS version on the 7200 I have
here. Let me know the output of "show ver" and I'll see what I can do.
Here's the detailed version strings (of the
I've got more information (on the FreeBSD side):
The packets are coming in over the GRE interface, but seem to be
randomly disappearing after the IPFW forward operation (forwards to
localhost:3128).
Here's the ipfw config:
00150 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via gre0 in
0
Well actually it seems like we found the problem. We were testing 3 of
the 4 routers, and only 1 of those was having issues. By turning on the
options "no ip redirects" and "no ip proxy-arp" on the router's ethernet
interfaces, the problem went away. Also with that ipfw config, that's
just h
> We've made changes, and are still having issues - do you think using
> squid3, changing our values, setting squid to run directly on port 80
> (instead of ipfw redirecting 80 to 3128), or running Linux would solve
> the problems (this is on FreeBSD 6.2)?
I'm not sure if a FreeBSD/Linux chaneg wo
On Thu, Jan 17, 2008, Ryan Thoryk wrote:
> We've made changes, and are still having issues - do you think using
> squid3, changing our values, setting squid to run directly on port 80
> (instead of ipfw redirecting 80 to 3128), or running Linux would solve
> the problems (this is on FreeBSD 6.2)
> On Thu, Jan 17, 2008, Ryan Thoryk wrote:
>> We've made changes, and are still having issues - do you think using
>> squid3, changing our values, setting squid to run directly on port 80
>> (instead of ipfw redirecting 80 to 3128), or running Linux would solve
>> the problems (this is on FreeBSD 6
On Thu, Jan 17, 2008, Ryan Thoryk wrote:
> Well in our current setup, we have 4 cisco 7200 routers (IOS 12.2(27))
> redirecting to the first squid machine (squid is currently shut down on
> it, due to the problems), and so it's not something we can easily test
> that way. If I can get a test m
On Thu, Jan 24, 2008, Ryan Thoryk wrote:
> I've got more information (on the FreeBSD side):
>
> The packets are coming in over the GRE interface, but seem to be
> randomly disappearing after the IPFW forward operation (forwards to
> localhost:3128).
>
> Here's the ipfw config:
> 00150 fwd 127.0
13 matches
Mail list logo
